More than half a billion people trust iOS apps with their personal information every day, but security flaws in some applications have allowed for the exposure of sensitive data, circumvention of authentication mechanisms, and abuse of user privacy.
A new book from No Starch Press, “iOS Application Security” ($49.95, 296 pages), aims to address these issues by educating developers and security specialists about the common ways iOS applications sometimes fail to protect users and how to identify, fix, and avoid security flaws. It teaches developers how to build secure applications from the ground up by covering the structure and limitations of the iOS security model, the ways local storage mechanisms can leak sensitive information, and how to successfully encrypt data with the Keychain, the Data Protection API, and CommonCrypto.
Following a primer on Objective-C and various mobile security threats, readers learn how to avoid programming flaws and implement protective measures, as well as how to use white-box and black-box security testing methods to test their own applications and analyze them for vulnerabilities. They’ll also learn how to build a test platform and debug their applications using lldb, Instruments, Hopper, and other third-party analysis tools.
Author Daniel Thiel has 20 years of computer security experience, with expertise in penetration testing and iOS application security. His research and book Mobile Application Security (McGraw-Hill) helped launch the field of iOS application security, and he has presented his work at security conferences like Black Hat and DEF CON. He is currently a security engineer for the Facebook Connectivity Lab.
Go to http://tinyurl.com/zjaff62 for more info.